Vulnerability Details CVE-2014-1632
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.176
EPSS Ranking 94.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
- http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665
- http://www.securityfocus.com/archive/1/530891/100/0/threaded
- https://bugs.launchpad.net/eventum/+bug/1271499
- https://www.htbridge.com/advisory/HTB23198
- http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665
- http://www.securityfocus.com/archive/1/530891/100/0/threaded
- https://bugs.launchpad.net/eventum/+bug/1271499
- https://www.htbridge.com/advisory/HTB23198
Products affected by CVE-2014-1632
-
cpe:2.3:a:eventum_project:eventum:1.1.0
-
cpe:2.3:a:eventum_project:eventum:1.2.0
-
cpe:2.3:a:eventum_project:eventum:1.2.1
-
cpe:2.3:a:eventum_project:eventum:1.2.2
-
cpe:2.3:a:eventum_project:eventum:1.3.0
-
cpe:2.3:a:eventum_project:eventum:1.3.1
-
cpe:2.3:a:eventum_project:eventum:1.4.0
-
cpe:2.3:a:eventum_project:eventum:1.5.0
-
cpe:2.3:a:eventum_project:eventum:1.5.1
-
cpe:2.3:a:eventum_project:eventum:1.5.2
-
cpe:2.3:a:eventum_project:eventum:1.5.3
-
cpe:2.3:a:eventum_project:eventum:1.5.4
-
cpe:2.3:a:eventum_project:eventum:1.5.5
-
cpe:2.3:a:eventum_project:eventum:1.6.0
-
cpe:2.3:a:eventum_project:eventum:1.6.1
-
cpe:2.3:a:eventum_project:eventum:1.7.0
-
cpe:2.3:a:eventum_project:eventum:1.7.1
-
cpe:2.3:a:eventum_project:eventum:2.0.0
-
cpe:2.3:a:eventum_project:eventum:2.0.1
-
cpe:2.3:a:eventum_project:eventum:2.1.0
-
cpe:2.3:a:eventum_project:eventum:2.1.1
-
cpe:2.3:a:eventum_project:eventum:2.2.0
-
cpe:2.3:a:eventum_project:eventum:2.3.0
-
cpe:2.3:a:eventum_project:eventum:2.3.1
-
cpe:2.3:a:eventum_project:eventum:2.3.2
-
cpe:2.3:a:eventum_project:eventum:2.3.3
-
cpe:2.3:a:eventum_project:eventum:2.3.4